<?php
class Ehl_Acl extends Jnd_Acl {
  public static $_listeControleAcces = array(
    self::ROLE_ADMINISTRATEUR => array(
      self::GROUPE_ADMIN
    ), 
    self::ROLE_EDITEUR => array(
      self::GROUPE_EDITEUR
    ), 
    self::ROLE_INF_GESTION => array(
      self::GROUPE_INF_GESTION
    ), 
    self::ROLE_RH => array(
      self::GROUPE_RH
    ), 
    self::ROLE_CREATION => array(
      self::GROUPE_CREATEUR
    ), 
    self::ROLE_DEPART_DEMANDEUR => array(
      self::GROUPE_DEPART_DEMANDEUR
    ), 
    self::ROLE_EXPLOITATION => array(
      self::GROUPE_EXPLOITATION
    ), 
    self::ROLE_RECHERCHE_GLOBALE => array(
      self::GROUPE_RECHERCHE_GLOBALE
    ), 
    self::ROLE_GESTION => array(
      self::GROUPE_GESTION
    ), 
    self::ROLE_GUEST => array()
  );
  protected $_defaultRole;

  const ROLE_GUEST = 'invite';

  const ROLE_EDITEUR = 'editeur';

  const ROLE_INF_GESTION = 'infgestion';

  const ROLE_EXPLOITATION = 'exploitation';

  const ROLE_CREATION = 'creation';

  const ROLE_DEPART_DEMANDEUR = 'departdemandeur';

  const ROLE_RH = 'rh';

  const ROLE_ADMINISTRATEUR = 'administrateur';

  const ROLE_RECHERCHE_GLOBALE = 'rechercheglobale';

  const ROLE_GESTION = 'gestion';

  const GROUPE_ADMIN = "CN=APP_DEVELOPPEURS,OU=APP_DDB,DC=net,DC=lan";

  const GROUPE_RH = "CN=APP_WSW_RH,OU=WSW,OU=APP_DDB,DC=net,DC=lan";

  const GROUPE_EDITEUR = "CN=APP_WSW_EDITEUR,OU=WSW,OU=APP_DDB,DC=net,DC=lan";

  const GROUPE_EXPLOITATION = "CN=APP_WSW_EXPLOITATION,OU=WSW,OU=APP_DDB,DC=net,DC=lan";

  const GROUPE_CREATEUR = "CN=APP_WSW_CREATEUR,OU=WSW,OU=APP_DDB,DC=net,DC=lan";

  const GROUPE_DEPART_DEMANDEUR = "CN=APP_WSW_DEPART_DEMANDEUR,OU=WSW,OU=APP_DDB,DC=net,DC=lan";

  const GROUPE_INF_GESTION = "CN=APP_WSW_INF_GESTION,OU=WSW,OU=APP_DDB,DC=net,DC=lan";

  const GROUPE_RECHERCHE_GLOBALE = "CN=APP_WSW_RECHERCHE_GLOBALE,OU=WSW,OU=APP_DDB,DC=net,DC=lan";

  const GROUPE_GESTION = "CN=APP_WSW_GESTIONNAIRES,OU=WSW,OU=APP_DDB,DC=net,DC=lan";

  public function __construct() {

    //  Affectation des groupes aux roles
    $listeControleAcces = self::$_listeControleAcces;
    
    //      "utilisateur" => array(self::GROUPE_UTILISATEUR_DDB, self::GROUPE_UTILISATEUR_DDBLINK),
    $defaultRole = self::ROLE_GUEST;
    
    //    $this->_listeControleAcces = $listeControleAcces;
    $this->_defaultRole = $defaultRole;
    
    //  Gestion des ressources
    $this->add(new Zend_Acl_Resource('annuaire.index'));
    $this->add(new Zend_Acl_Resource('annuaire.personne'));
    $this->add(new Zend_Acl_Resource('annuaire.groupe'));
    $this->add(new Zend_Acl_Resource('default.administration'));
    $this->add(new Zend_Acl_Resource('default.index'));
    $this->add(new Zend_Acl_Resource('default.annuaire'));
    $this->add(new Zend_Acl_Resource('default.ajax'));
    $this->add(new Zend_Acl_Resource('default.exports'));
    $this->add(new Zend_Acl_Resource('groupe.index'));
    $this->add(new Zend_Acl_Resource('administration.index'));
    
    //  Gestion des roles
    $this->addRole(new Zend_Acl_Role(self::ROLE_GUEST));
    $this->addRole(new Zend_Acl_Role(self::ROLE_RECHERCHE_GLOBALE), self::ROLE_GUEST);
    $this->addRole(new Zend_Acl_Role(self::ROLE_EDITEUR), self::ROLE_GUEST);
    $this->addRole(new Zend_Acl_Role(self::ROLE_INF_GESTION), self::ROLE_EDITEUR);
    $this->addRole(new Zend_Acl_Role(self::ROLE_EXPLOITATION), self::ROLE_EDITEUR);
    $this->addRole(new Zend_Acl_Role(self::ROLE_GESTION), self::ROLE_EDITEUR);
    $this->addRole(new Zend_Acl_Role(self::ROLE_CREATION), self::ROLE_EDITEUR);
    $this->addRole(new Zend_Acl_Role(self::ROLE_DEPART_DEMANDEUR), self::ROLE_EDITEUR);
    $this->addRole(new Zend_Acl_Role(self::ROLE_RH), self::ROLE_EDITEUR);
    $this->addRole(new Zend_Acl_Role(self::ROLE_ADMINISTRATEUR), self::ROLE_EDITEUR);
    
    //  Attribution
    $this->allow(self::ROLE_GUEST, 'annuaire.index');
    $this->allow(self::ROLE_GUEST, 'annuaire.personne');
    $this->allow(self::ROLE_GUEST, 'annuaire.groupe');
    $this->deny(self::ROLE_GUEST, 'administration.index');
    $this->deny(self::ROLE_GUEST, 'annuaire.personne', 'editer');
    $this->allow(self::ROLE_GUEST, 'default.exports', null);
    $this->allow(self::ROLE_GUEST, 'default.index');
    $this->allow(self::ROLE_GUEST, 'default.annuaire');
    $this->allow(self::ROLE_GUEST, 'default.ajax');
    $this->allow(self::ROLE_GUEST, 'groupe.index');
    $this->allow(self::ROLE_EDITEUR, 'annuaire.personne', 'editer');
    $this->allow(self::ROLE_ADMINISTRATEUR, 'default.administration');
  }

  public function recuperationLca() {

    return self::$_listeControleAcces;
  }

  public function getDefaultRole() {

    return $this->_defaultRole;
  }

  /**
   * Teste que la personne connecté possède le rôle requis.
   * @param string $role
   * @param Ddb_User_Ldap $utilisateur
   */
  public static function possedeRole( $role, $utilisateur ) {

    $flag = false;
    if( $utilisateur instanceof Ddb_User_Ldap ) {
      $groupes = $utilisateur->recupAttributLdap("memberof");
      if( ! is_array($groupes) ) {
        $groupes = (array) $groupes;
      }
      foreach( $groupes as $groupe ) {
        if( in_array($groupe, self::$_listeControleAcces[$role]) ) {
          $flag = true;
          break;
        } else {
          $flag = false;
        }
      }
    }
    return $flag;
  }

  /**
   * @author Thierry BROUARD (BIIS)
   * @modified 19/03/2010
   * @param string $value
   * @param array $list
   * @param boolean $strict
   * @param boolean $casesensitive
   * @return boolean
   */
  public static function isMemberOf( $value, $list, $strict = false, $casesensitive = false ) {

    $found = false;
    if( $value != '' ) {
      if( is_array($list) ) {
        foreach( $list as $item ) {
          $found = self::isValueMatch($item, $value, $strict, $casesensitive);
          if( $found )
            break;
        }
      } else {
        $found = self::isValueMatch($item, $value, $strict, $casesensitive);
      }
    }
    return $found;
  }

  /**
   * 
   * @author Thierry BROUARD (BIIS)
   * @modified 19/03/2010
   * @param string $valueA
   * @param string $valueB
   * @param boolean $strict
   * @param boolean $casesensitive
   * @return boolean
   */
  public static function isValueMatch( $haystack, $needle, $strict = false, $casesensitive = false ) {

    $found = false;
    if( $strict ) {
      if( $needle == $haystack ) {
        $found = true;
      }
    } else {
      if( $casesensitive ) {
        if( strstr($haystack, $needle) !== false ) {
          $found = true;
        }
      } else {
        if( stristr($haystack, $needle) !== false ) {
          $found = true;
        }
      }
    }
    return $found;
  }

}

